From 96575db11d45c3dbe752757923465286042275d0 Mon Sep 17 00:00:00 2001 From: Murat Date: Mon, 31 Aug 2020 20:19:15 +0200 Subject: [PATCH 01/23] Add from_der and to_der to PKCS7 --- openssl-sys/src/pkcs7.rs | 4 ++++ openssl/src/pkcs7.rs | 21 +++++++++++++++++++++ 2 files changed, 25 insertions(+) diff --git a/openssl-sys/src/pkcs7.rs b/openssl-sys/src/pkcs7.rs index 454a04dfcf..5aa55ff8b5 100644 --- a/openssl-sys/src/pkcs7.rs +++ b/openssl-sys/src/pkcs7.rs @@ -29,6 +29,10 @@ pub const PKCS7_REUSE_DIGEST: c_int = 0x8000; pub const PKCS7_NO_DUAL_CONTENT: c_int = 0x10000; extern "C" { + pub fn d2i_PKCS7(a: *mut *mut PKCS7, pp: *mut *const c_uchar, length: c_long) -> *mut PKCS7; + + pub fn i2d_PKCS7(a: *mut PKCS7, buf: *mut *mut u8) -> c_int; + pub fn PKCS7_encrypt( certs: *mut stack_st_X509, b: *mut BIO, diff --git a/openssl/src/pkcs7.rs b/openssl/src/pkcs7.rs index a4d93cf958..7820739c0c 100644 --- a/openssl/src/pkcs7.rs +++ b/openssl/src/pkcs7.rs @@ -61,6 +61,17 @@ impl Pkcs7 { ffi::PEM_read_bio_PKCS7 } + from_der! { + /// Deserializes a DER-encoded PKCS#7 signature + /// + /// This corresponds to [`d2i_PKCS7`]. + /// + /// [`d2i_PKCS7`]: https://www.openssl.org/docs/man1.1.0/man3/d2i_PKCS7.html + from_der, + Pkcs7, + ffi::d2i_PKCS7 + } + /// Parses a message in S/MIME format. /// /// Returns the loaded signature, along with the cleartext message (if @@ -181,6 +192,16 @@ impl Pkcs7Ref { ffi::PEM_write_bio_PKCS7 } + to_der! { + /// Serializes the data into a DER-encoded PKCS#7 structure. + /// + /// This corresponds to [`i2d_PKCS7`]. + /// + /// [`i2d_PKCS7`]: https://www.openssl.org/docs/man1.1.0/man3/i2d_PKCS7.html + to_der, + ffi::i2d_PKCS7 + } + /// Decrypts data using the provided private key. /// /// `pkey` is the recipient's private key, and `cert` is the recipient's From 8bfdc7bd98d7d1d04ca0d507271e29660df4cde3 Mon Sep 17 00:00:00 2001 From: KOVACS Krisztian Date: Thu, 3 Sep 2020 16:16:40 +0200 Subject: [PATCH 02/23] Add constructor for creating Asn1Object from a textual OID representation This is effectively a wrapper for OBJ_txt2obj. --- openssl-sys/src/object.rs | 1 + openssl/src/asn1.rs | 32 ++++++++++++++++++++++++++++++++ 2 files changed, 33 insertions(+) diff --git a/openssl-sys/src/object.rs b/openssl-sys/src/object.rs index a28454a4ce..09db4d9a0f 100644 --- a/openssl-sys/src/object.rs +++ b/openssl-sys/src/object.rs @@ -16,4 +16,5 @@ extern "C" { pub fn OBJ_find_sigid_algs(signid: c_int, pdig_nid: *mut c_int, ppkey_nid: *mut c_int) -> c_int; pub fn OBJ_sn2nid(sn: *const libc::c_char) -> libc::c_int; + pub fn OBJ_txt2obj(s: *const libc::c_char, no_name: libc::c_int) -> *mut ASN1_OBJECT; } diff --git a/openssl/src/asn1.rs b/openssl/src/asn1.rs index 4140cd5ec6..2de7e952a8 100644 --- a/openssl/src/asn1.rs +++ b/openssl/src/asn1.rs @@ -537,6 +537,24 @@ foreign_type_and_impl_send_sync! { pub struct Asn1ObjectRef; } +impl Asn1Object { + /// Constructs an ASN.1 Object Identifier from a string representation of + /// the OID. + /// + /// This corresponds to [`OBJ_txt2obj`]. + /// + /// [`OBJ_txt2obj`]: https://www.openssl.org/docs/man1.1.0/man3/OBJ_txt2obj.html + #[allow(clippy::should_implement_trait)] + pub fn from_str(txt: &str) -> Result { + unsafe { + ffi::init(); + let txt = CString::new(txt).unwrap(); + let obj: *mut ffi::ASN1_OBJECT = cvt_p(ffi::OBJ_txt2obj(txt.as_ptr() as *const _, 0))?; + Ok(Asn1Object::from_ptr(obj)) + } + } +} + impl Asn1ObjectRef { /// Returns the NID associated with this OID. pub fn nid(&self) -> Nid { @@ -584,6 +602,7 @@ mod tests { use super::*; use bn::BigNum; + use nid::Nid; /// Tests conversion between BigNum and Asn1Integer. #[test] @@ -660,4 +679,17 @@ mod tests { assert!(b_ref <= a_ref); assert!(c_ref < a_ref); } + + #[test] + fn object_from_str() { + let object = Asn1Object::from_str("2.16.840.1.101.3.4.2.1").unwrap(); + assert_eq!(object.nid(), Nid::SHA256); + } + + #[test] + fn object_from_str_with_invalid_input() { + Asn1Object::from_str("NOT AN OID") + .map(|object| object.to_string()) + .expect_err("parsing invalid OID should fail"); + } } From c4cbf496c794d554cf76a369f1f94066c2e14a45 Mon Sep 17 00:00:00 2001 From: Hidekatsu Izuno Date: Sun, 13 Sep 2020 23:48:53 +0900 Subject: [PATCH 03/23] Add ecx support --- openssl-sys/src/evp.rs | 4 ++++ openssl-sys/src/obj_mac.rs | 4 ++++ openssl/src/pkey.rs | 16 ++++++++++++++++ 3 files changed, 24 insertions(+) diff --git a/openssl-sys/src/evp.rs b/openssl-sys/src/evp.rs index d03f375829..820dd14c99 100644 --- a/openssl-sys/src/evp.rs +++ b/openssl-sys/src/evp.rs @@ -11,8 +11,12 @@ pub const EVP_PKEY_DSA: c_int = NID_dsa; pub const EVP_PKEY_DH: c_int = NID_dhKeyAgreement; pub const EVP_PKEY_EC: c_int = NID_X9_62_id_ecPublicKey; #[cfg(ossl111)] +pub const EVP_PKEY_X25519: c_int = NID_X25519; +#[cfg(ossl111)] pub const EVP_PKEY_ED25519: c_int = NID_ED25519; #[cfg(ossl111)] +pub const EVP_PKEY_X448: c_int = NID_X448; +#[cfg(ossl111)] pub const EVP_PKEY_ED448: c_int = NID_ED448; pub const EVP_PKEY_HMAC: c_int = NID_hmac; pub const EVP_PKEY_CMAC: c_int = NID_cmac; diff --git a/openssl-sys/src/obj_mac.rs b/openssl-sys/src/obj_mac.rs index e348f34193..d78416da3a 100644 --- a/openssl-sys/src/obj_mac.rs +++ b/openssl-sys/src/obj_mac.rs @@ -913,6 +913,10 @@ pub const NID_aes_128_cbc_hmac_sha1: c_int = 916; pub const NID_aes_192_cbc_hmac_sha1: c_int = 917; pub const NID_aes_256_cbc_hmac_sha1: c_int = 918; #[cfg(ossl111)] +pub const NID_X25519: c_int = 1034; +#[cfg(ossl111)] +pub const NID_X448: c_int = 1035; +#[cfg(ossl111)] pub const NID_ED25519: c_int = 1087; #[cfg(ossl111)] pub const NID_ED448: c_int = 1088; diff --git a/openssl/src/pkey.rs b/openssl/src/pkey.rs index c8be33ca92..ff0746ff18 100644 --- a/openssl/src/pkey.rs +++ b/openssl/src/pkey.rs @@ -88,6 +88,10 @@ impl Id { pub const ED25519: Id = Id(ffi::EVP_PKEY_ED25519); #[cfg(ossl111)] pub const ED448: Id = Id(ffi::EVP_PKEY_ED448); + #[cfg(ossl111)] + pub const X25519: Id = Id(ffi::EVP_PKEY_X25519); + #[cfg(ossl111)] + pub const X448: Id = Id(ffi::EVP_PKEY_X448); /// Creates a `Id` from an integer representation. pub fn from_raw(value: c_int) -> Id { @@ -494,6 +498,18 @@ impl PKey { } } + /// Generates a new private Ed25519 key + #[cfg(ossl111)] + pub fn generate_x25519() -> Result, ErrorStack> { + PKey::generate_eddsa(ffi::EVP_PKEY_X25519) + } + + /// Generates a new private Ed448 key + #[cfg(ossl111)] + pub fn generate_x448() -> Result, ErrorStack> { + PKey::generate_eddsa(ffi::EVP_PKEY_X448) + } + /// Generates a new private Ed25519 key #[cfg(ossl111)] pub fn generate_ed25519() -> Result, ErrorStack> { From 7ef5e50e26fd21f292e536f68aa82e26bfaa163a Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Thu, 24 Sep 2020 14:24:27 -0400 Subject: [PATCH 04/23] bump to 1.1.1f in CI --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index e41df76795..dc938cf2b2 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -209,7 +209,7 @@ jobs: openssl_111: &openssl_111 library: openssl - version: 1.1.1g + version: 1.1.1h openssl_110: &openssl_110 library: openssl version: 1.1.0l From 3a4f96a73dd422301ee49902bfeeb61572be9bc8 Mon Sep 17 00:00:00 2001 From: Josh Robson Chase Date: Fri, 7 Jun 2019 10:26:17 -0400 Subject: [PATCH 05/23] Add basic bindings to the API CRLs --- openssl-sys/src/ossl_typ.rs | 2 -- openssl-sys/src/pem.rs | 7 ++++ openssl-sys/src/x509.rs | 71 +++++++++++++++++++++++++++++++++++++ 3 files changed, 78 insertions(+), 2 deletions(-) diff --git a/openssl-sys/src/ossl_typ.rs b/openssl-sys/src/ossl_typ.rs index 449ecd910b..b67b029e95 100644 --- a/openssl-sys/src/ossl_typ.rs +++ b/openssl-sys/src/ossl_typ.rs @@ -341,8 +341,6 @@ cfg_if! { } } } -pub enum X509_CRL {} -stack!(stack_st_X509_CRL); pub enum X509_NAME {} diff --git a/openssl-sys/src/pem.rs b/openssl-sys/src/pem.rs index 7e7c6f1152..3cdc89826e 100644 --- a/openssl-sys/src/pem.rs +++ b/openssl-sys/src/pem.rs @@ -19,6 +19,13 @@ extern "C" { user_data: *mut c_void, ) -> *mut X509; pub fn PEM_write_bio_X509(bio: *mut BIO, x509: *mut X509) -> c_int; + pub fn PEM_read_bio_X509_CRL( + bio: *mut BIO, + out: *mut *mut X509_CRL, + callback: pem_password_cb, + user_data: *mut c_void, + ) -> *mut X509_CRL; + pub fn PEM_write_bio_X509_CRL(bio: *mut BIO, x509: *mut X509_CRL) -> c_int; pub fn PEM_read_bio_X509_REQ( bio: *mut BIO, out: *mut *mut X509_REQ, diff --git a/openssl-sys/src/x509.rs b/openssl-sys/src/x509.rs index fc6e4269b8..3752af18cf 100644 --- a/openssl-sys/src/x509.rs +++ b/openssl-sys/src/x509.rs @@ -37,6 +37,54 @@ cfg_if! { } } +pub enum X509_REVOKED {} +stack!(stack_st_X509_REVOKED); + +cfg_if! { + if #[cfg(ossl110)] { + pub enum X509_CRL {} + } else { + #[repr(C)] + pub struct X509_CRL { + pub crl: *mut X509_CRL_INFO, + sig_alg: *mut X509_ALGOR, + signature: *mut c_void, + references: c_int, + flags: c_int, + akid: *mut c_void, + idp: *mut c_void, + idp_flags: c_int, + idp_reasons: c_int, + crl_number: *mut ASN1_INTEGER, + base_crl_number: *mut ASN1_INTEGER, + sha1_hash: [c_uchar; 20], + issuers: *mut c_void, + meth: *const c_void, + meth_data: *mut c_void, + } + } +} + +stack!(stack_st_X509_CRL); + +cfg_if! { + if #[cfg(ossl110)] { + pub enum X509_CRL_INFO {} + } else { + #[repr(C)] + pub struct X509_CRL_INFO { + version: *mut ASN1_INTEGER, + sig_alg: *mut X509_ALGOR, + pub issuer: *mut X509_NAME, + pub lastUpdate: *mut ASN1_TIME, + pub nextUpdate: *mut ASN1_TIME, + revoked: *mut stack_st_X509_REVOKED, + extensions: *mut stack_st_X509_EXTENSION, + enc: ASN1_ENCODING, + } + } +} + cfg_if! { if #[cfg(ossl110)] { pub enum X509_REQ {} @@ -177,6 +225,15 @@ extern "C" { pub fn X509_ALGOR_free(x: *mut X509_ALGOR); + pub fn X509_CRL_new() -> *mut X509_CRL; + pub fn X509_CRL_free(x: *mut X509_CRL); + pub fn d2i_X509_CRL( + a: *mut *mut X509_CRL, + pp: *mut *const c_uchar, + length: c_long, + ) -> *mut X509_CRL; + pub fn i2d_X509_CRL(x: *mut X509_CRL, buf: *mut *mut u8) -> c_int; + pub fn X509_REQ_new() -> *mut X509_REQ; pub fn X509_REQ_free(x: *mut X509_REQ); pub fn d2i_X509_REQ( @@ -290,6 +347,20 @@ extern "C" { #[cfg(any(ossl110, libressl273))] pub fn X509_up_ref(x: *mut X509) -> c_int; + pub fn X509_CRL_verify(req: *mut X509_CRL, pkey: *mut EVP_PKEY) -> c_int; + pub fn X509_CRL_get0_by_serial( + x: *mut X509_CRL, + ret: *mut *mut X509_REVOKED, + serial: *mut ASN1_INTEGER, + ) -> c_int; + + #[cfg(ossl110)] + pub fn X509_CRL_get0_nextUpdate(x: *const X509_CRL) -> *const ASN1_TIME; + #[cfg(ossl110)] + pub fn X509_CRL_get0_lastUpdate(x: *const X509_CRL) -> *const ASN1_TIME; + #[cfg(ossl110)] + pub fn X509_CRL_get_issuer(x: *const X509_CRL) -> *mut X509_NAME; + #[cfg(ossl110)] pub fn X509_get0_extensions(req: *const ::X509) -> *const stack_st_X509_EXTENSION; } From 6eabcf2ca0f06e3d4c2bf1a7d40f77fc51db6740 Mon Sep 17 00:00:00 2001 From: Josh Robson Chase Date: Mon, 10 Jun 2019 10:14:14 -0400 Subject: [PATCH 06/23] Expose the X509Revoked type directly --- openssl-sys/src/x509.rs | 45 ++++++++++++++++++++++++++++++++++++----- 1 file changed, 40 insertions(+), 5 deletions(-) diff --git a/openssl-sys/src/x509.rs b/openssl-sys/src/x509.rs index 3752af18cf..d9756fedaa 100644 --- a/openssl-sys/src/x509.rs +++ b/openssl-sys/src/x509.rs @@ -37,9 +37,6 @@ cfg_if! { } } -pub enum X509_REVOKED {} -stack!(stack_st_X509_REVOKED); - cfg_if! { if #[cfg(ossl110)] { pub enum X509_CRL {} @@ -78,13 +75,31 @@ cfg_if! { pub issuer: *mut X509_NAME, pub lastUpdate: *mut ASN1_TIME, pub nextUpdate: *mut ASN1_TIME, - revoked: *mut stack_st_X509_REVOKED, + pub revoked: *mut stack_st_X509_REVOKED, extensions: *mut stack_st_X509_EXTENSION, enc: ASN1_ENCODING, } } } +cfg_if! { + if #[cfg(ossl110)] { + pub enum X509_REVOKED {} + } else { + #[repr(C)] + pub struct X509_REVOKED { + pub serialNumber: *mut ASN1_INTEGER, + pub revocationDate: *mut ASN1_TIME, + extensions: *mut stack_st_X509_EXTENSION, + issuer: *mut stack_st_GENERAL_NAME, + reason: c_int, + sequence: c_int, + } + } +} + +stack!(stack_st_X509_REVOKED); + cfg_if! { if #[cfg(ossl110)] { pub enum X509_REQ {} @@ -225,6 +240,14 @@ extern "C" { pub fn X509_ALGOR_free(x: *mut X509_ALGOR); + pub fn X509_REVOKED_new() -> *mut X509_REVOKED; + pub fn X509_REVOKED_free(x: *mut X509_REVOKED); + pub fn d2i_X509_REVOKED( + a: *mut *mut X509_REVOKED, + pp: *mut *const c_uchar, + length: c_long, + ) -> *mut X509_REVOKED; + pub fn i2d_X509_REVOKED(x: *mut X509_REVOKED, buf: *mut *mut u8) -> c_int; pub fn X509_CRL_new() -> *mut X509_CRL; pub fn X509_CRL_free(x: *mut X509_CRL); pub fn d2i_X509_CRL( @@ -347,13 +370,25 @@ extern "C" { #[cfg(any(ossl110, libressl273))] pub fn X509_up_ref(x: *mut X509) -> c_int; - pub fn X509_CRL_verify(req: *mut X509_CRL, pkey: *mut EVP_PKEY) -> c_int; + #[cfg(ossl110)] + pub fn X509_REVOKED_get0_serialNumber(req: *const X509_REVOKED) -> *const ASN1_INTEGER; + #[cfg(ossl110)] + pub fn X509_REVOKED_get0_revocationDate(req: *const X509_REVOKED) -> *const ASN1_TIME; + + pub fn X509_CRL_verify(crl: *mut X509_CRL, pkey: *mut EVP_PKEY) -> c_int; + pub fn X509_CRL_get0_by_cert( + x: *mut X509_CRL, + ret: *mut *mut X509_REVOKED, + cert: *mut X509, + ) -> c_int; pub fn X509_CRL_get0_by_serial( x: *mut X509_CRL, ret: *mut *mut X509_REVOKED, serial: *mut ASN1_INTEGER, ) -> c_int; + #[cfg(ossl110)] + pub fn X509_CRL_get_REVOKED(crl: *mut X509_CRL) -> *mut stack_st_X509_REVOKED; #[cfg(ossl110)] pub fn X509_CRL_get0_nextUpdate(x: *const X509_CRL) -> *const ASN1_TIME; #[cfg(ossl110)] From 0d0e3be39f5ecf6e42afae1af5b59f76fcdd7c10 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stefan=20B=C3=BChler?= Date: Sat, 26 Sep 2020 15:15:48 +0200 Subject: [PATCH 07/23] Add more bindings for X509_CRL --- openssl-sys/src/x509.rs | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/openssl-sys/src/x509.rs b/openssl-sys/src/x509.rs index d9756fedaa..765ccdfdcf 100644 --- a/openssl-sys/src/x509.rs +++ b/openssl-sys/src/x509.rs @@ -375,6 +375,13 @@ extern "C" { #[cfg(ossl110)] pub fn X509_REVOKED_get0_revocationDate(req: *const X509_REVOKED) -> *const ASN1_TIME; + pub fn X509_CRL_sign(x: *mut X509_CRL, pkey: *mut EVP_PKEY, md: *const EVP_MD) -> c_int; + pub fn X509_CRL_digest( + x: *const X509_CRL, + digest: *const EVP_MD, + md: *mut c_uchar, + len: *mut c_uint, + ) -> c_int; pub fn X509_CRL_verify(crl: *mut X509_CRL, pkey: *mut EVP_PKEY) -> c_int; pub fn X509_CRL_get0_by_cert( x: *mut X509_CRL, @@ -398,6 +405,27 @@ extern "C" { #[cfg(ossl110)] pub fn X509_get0_extensions(req: *const ::X509) -> *const stack_st_X509_EXTENSION; + + pub fn X509_CRL_set_version(crl: *mut X509_CRL, version: c_long) -> c_int; + pub fn X509_CRL_set_issuer_name(crl: *mut X509_CRL, name: *mut X509_NAME) -> c_int; + pub fn X509_CRL_sort(crl: *mut X509_CRL) -> c_int; + + #[cfg(any(ossl110, libressl270))] + pub fn X509_CRL_up_ref(crl: *mut X509_CRL) -> c_int; +} +cfg_if! { + if #[cfg(any(ossl110, libressl270))] { + extern "C" { + pub fn X509_CRL_set1_lastUpdate(crl: *mut X509_CRL, tm: *const ASN1_TIME) -> c_int; + pub fn X509_CRL_set1_nextUpdate(crl: *mut X509_CRL, tm: *const ASN1_TIME) -> c_int; + } + } else { + // libressl270 kept them, ossl110 "#define"s them to the variants above + extern "C" { + pub fn X509_CRL_set_lastUpdate(crl: *mut X509_CRL, tm: *const ASN1_TIME) -> c_int; + pub fn X509_CRL_set_nextUpdate(crl: *mut X509_CRL, tm: *const ASN1_TIME) -> c_int; + } + } } cfg_if! { From 0b296921ff23199694c87634a59eba6916b3d3a8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stefan=20B=C3=BChler?= Date: Sat, 26 Sep 2020 14:46:00 +0200 Subject: [PATCH 08/23] Add a few bindings for X509_REVOKED --- openssl-sys/src/x509.rs | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/openssl-sys/src/x509.rs b/openssl-sys/src/x509.rs index 765ccdfdcf..962b7f401b 100644 --- a/openssl-sys/src/x509.rs +++ b/openssl-sys/src/x509.rs @@ -370,10 +370,12 @@ extern "C" { #[cfg(any(ossl110, libressl273))] pub fn X509_up_ref(x: *mut X509) -> c_int; - #[cfg(ossl110)] + #[cfg(any(ossl110, libressl270))] pub fn X509_REVOKED_get0_serialNumber(req: *const X509_REVOKED) -> *const ASN1_INTEGER; - #[cfg(ossl110)] + #[cfg(any(ossl110, libressl270))] pub fn X509_REVOKED_get0_revocationDate(req: *const X509_REVOKED) -> *const ASN1_TIME; + #[cfg(any(ossl110, libressl270))] + pub fn X509_REVOKED_get0_extensions(r: *const X509_REVOKED) -> *const stack_st_X509_EXTENSION; pub fn X509_CRL_sign(x: *mut X509_CRL, pkey: *mut EVP_PKEY, md: *const EVP_MD) -> c_int; pub fn X509_CRL_digest( @@ -412,6 +414,7 @@ extern "C" { #[cfg(any(ossl110, libressl270))] pub fn X509_CRL_up_ref(crl: *mut X509_CRL) -> c_int; + pub fn X509_CRL_add0_revoked(crl: *mut X509_CRL, rev: *mut X509_REVOKED) -> c_int; } cfg_if! { if #[cfg(any(ossl110, libressl270))] { From 4f3a71ba04bfc41d5854985ec642730a0a3bbc76 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stefan=20B=C3=BChler?= Date: Sun, 9 Aug 2020 19:07:40 +0200 Subject: [PATCH 09/23] Add bindings to access x509 extensions in various types --- openssl-sys/src/x509.rs | 115 ++++++++++++++++++++++++++++++++++++++ openssl-sys/src/x509v3.rs | 51 +++++++++++++++++ 2 files changed, 166 insertions(+) diff --git a/openssl-sys/src/x509.rs b/openssl-sys/src/x509.rs index 962b7f401b..929fecf57e 100644 --- a/openssl-sys/src/x509.rs +++ b/openssl-sys/src/x509.rs @@ -497,27 +497,142 @@ extern "C" { loc: c_int, set: c_int, ) -> c_int; +} +// "raw" X509_EXTENSION related functions +extern "C" { + // in X509 + pub fn X509_delete_ext(x: *mut X509, loc: c_int) -> *mut X509_EXTENSION; pub fn X509_add_ext(x: *mut X509, ext: *mut X509_EXTENSION, loc: c_int) -> c_int; + pub fn X509_add1_ext_i2d( + x: *mut X509, + nid: c_int, + value: *mut c_void, + crit: c_int, + flags: c_ulong, + ) -> c_int; + // in X509_CRL + pub fn X509_CRL_delete_ext(x: *mut X509_CRL, loc: c_int) -> *mut X509_EXTENSION; + pub fn X509_CRL_add_ext(x: *mut X509_CRL, ext: *mut X509_EXTENSION, loc: c_int) -> c_int; + pub fn X509_CRL_add1_ext_i2d( + x: *mut X509_CRL, + nid: c_int, + value: *mut c_void, + crit: c_int, + flags: c_ulong, + ) -> c_int; + // in X509_REVOKED + pub fn X509_REVOKED_delete_ext(x: *mut X509_REVOKED, loc: c_int) -> *mut X509_EXTENSION; + pub fn X509_REVOKED_add_ext( + x: *mut X509_REVOKED, + ext: *mut X509_EXTENSION, + loc: c_int, + ) -> c_int; + pub fn X509_REVOKED_add1_ext_i2d( + x: *mut X509_REVOKED, + nid: c_int, + value: *mut c_void, + crit: c_int, + flags: c_ulong, + ) -> c_int; + // X509_EXTENSION itself + pub fn X509_EXTENSION_create_by_NID( + ex: *mut *mut X509_EXTENSION, + nid: c_int, + crit: c_int, + data: *mut ASN1_OCTET_STRING, + ) -> *mut X509_EXTENSION; + pub fn X509_EXTENSION_set_critical(ex: *mut X509_EXTENSION, crit: c_int) -> c_int; + pub fn X509_EXTENSION_set_data(ex: *mut X509_EXTENSION, data: *mut ASN1_OCTET_STRING) -> c_int; + pub fn X509_EXTENSION_get_object(ext: *mut X509_EXTENSION) -> *mut ASN1_OBJECT; + pub fn X509_EXTENSION_get_data(ext: *mut X509_EXTENSION) -> *mut ASN1_STRING; } cfg_if! { if #[cfg(any(ossl110, libressl280))] { extern "C" { + // in X509 + pub fn X509_get_ext_count(x: *const X509) -> c_int; + pub fn X509_get_ext_by_NID(x: *const X509, nid: c_int, lastpos: c_int) -> c_int; + pub fn X509_get_ext_by_OBJ(x: *const X509, obj: *const ASN1_OBJECT, lastpos: c_int) -> c_int; + pub fn X509_get_ext_by_critical(x: *const X509, crit: c_int, lastpos: c_int) -> c_int; + pub fn X509_get_ext(x: *const X509, loc: c_int) -> *mut X509_EXTENSION; pub fn X509_get_ext_d2i( x: *const ::X509, nid: c_int, crit: *mut c_int, idx: *mut c_int, ) -> *mut c_void; + // in X509_CRL + pub fn X509_CRL_get_ext_count(x: *const X509_CRL) -> c_int; + pub fn X509_CRL_get_ext_by_NID(x: *const X509_CRL, nid: c_int, lastpos: c_int) -> c_int; + pub fn X509_CRL_get_ext_by_OBJ(x: *const X509_CRL, obj: *const ASN1_OBJECT, lastpos: c_int) -> c_int; + pub fn X509_CRL_get_ext_by_critical(x: *const X509_CRL, crit: c_int, lastpos: c_int) -> c_int; + pub fn X509_CRL_get_ext(x: *const X509_CRL, loc: c_int) -> *mut X509_EXTENSION; + pub fn X509_CRL_get_ext_d2i( + x: *const ::X509_CRL, + nid: c_int, + crit: *mut c_int, + idx: *mut c_int, + ) -> *mut c_void; + // in X509_REVOKED + pub fn X509_REVOKED_get_ext_count(x: *const X509_REVOKED) -> c_int; + pub fn X509_REVOKED_get_ext_by_NID(x: *const X509_REVOKED, nid: c_int, lastpos: c_int) -> c_int; + pub fn X509_REVOKED_get_ext_by_OBJ(x: *const X509_REVOKED, obj: *const ASN1_OBJECT, lastpos: c_int) -> c_int; + pub fn X509_REVOKED_get_ext_by_critical(x: *const X509_REVOKED, crit: c_int, lastpos: c_int) -> c_int; + pub fn X509_REVOKED_get_ext(x: *const X509_REVOKED, loc: c_int) -> *mut X509_EXTENSION; + pub fn X509_REVOKED_get_ext_d2i( + x: *const ::X509_REVOKED, + nid: c_int, + crit: *mut c_int, + idx: *mut c_int, + ) -> *mut c_void; + // X509_EXTENSION itself + pub fn X509_EXTENSION_create_by_OBJ(ex: *mut *mut X509_EXTENSION, obj: *const ASN1_OBJECT, crit: c_int, data: *mut ASN1_OCTET_STRING) -> *mut X509_EXTENSION; + pub fn X509_EXTENSION_set_object(ex: *mut X509_EXTENSION, obj: *const ASN1_OBJECT) -> c_int; + pub fn X509_EXTENSION_get_critical(ex: *const X509_EXTENSION) -> c_int; } } else { extern "C" { + // in X509 + pub fn X509_get_ext_count(x: *mut X509) -> c_int; + pub fn X509_get_ext_by_NID(x: *mut X509, nid: c_int, lastpos: c_int) -> c_int; + pub fn X509_get_ext_by_OBJ(x: *mut X509, obj: *mut ASN1_OBJECT, lastpos: c_int) -> c_int; + pub fn X509_get_ext_by_critical(x: *mut X509, crit: c_int, lastpos: c_int) -> c_int; + pub fn X509_get_ext(x: *mut X509, loc: c_int) -> *mut X509_EXTENSION; pub fn X509_get_ext_d2i( x: *mut ::X509, nid: c_int, crit: *mut c_int, idx: *mut c_int, ) -> *mut c_void; + // in X509_CRL + pub fn X509_CRL_get_ext_count(x: *mut X509_CRL) -> c_int; + pub fn X509_CRL_get_ext_by_NID(x: *mut X509_CRL, nid: c_int, lastpos: c_int) -> c_int; + pub fn X509_CRL_get_ext_by_OBJ(x: *mut X509_CRL, obj: *mut ASN1_OBJECT, lastpos: c_int) -> c_int; + pub fn X509_CRL_get_ext_by_critical(x: *mut X509_CRL, crit: c_int, lastpos: c_int) -> c_int; + pub fn X509_CRL_get_ext(x: *mut X509_CRL, loc: c_int) -> *mut X509_EXTENSION; + pub fn X509_CRL_get_ext_d2i( + x: *mut ::X509_CRL, + nid: c_int, + crit: *mut c_int, + idx: *mut c_int, + ) -> *mut c_void; + // in X509_REVOKED + pub fn X509_REVOKED_get_ext_count(x: *mut X509_REVOKED) -> c_int; + pub fn X509_REVOKED_get_ext_by_NID(x: *mut X509_REVOKED, nid: c_int, lastpos: c_int) -> c_int; + pub fn X509_REVOKED_get_ext_by_OBJ(x: *mut X509_REVOKED, obj: *mut ASN1_OBJECT, lastpos: c_int) -> c_int; + pub fn X509_REVOKED_get_ext_by_critical(x: *mut X509_REVOKED, crit: c_int, lastpos: c_int) -> c_int; + pub fn X509_REVOKED_get_ext(x: *mut X509_REVOKED, loc: c_int) -> *mut X509_EXTENSION; + pub fn X509_REVOKED_get_ext_d2i( + x: *mut ::X509_REVOKED, + nid: c_int, + crit: *mut c_int, + idx: *mut c_int, + ) -> *mut c_void; + // X509_EXTENSION itself + pub fn X509_EXTENSION_create_by_OBJ(ex: *mut *mut X509_EXTENSION, obj: *mut ASN1_OBJECT, crit: c_int, data: *mut ASN1_OCTET_STRING) -> *mut X509_EXTENSION; + pub fn X509_EXTENSION_set_object(ex: *mut X509_EXTENSION, obj: *mut ASN1_OBJECT) -> c_int; + pub fn X509_EXTENSION_get_critical(ex: *mut X509_EXTENSION) -> c_int; } } } diff --git a/openssl-sys/src/x509v3.rs b/openssl-sys/src/x509v3.rs index dc936c4ce9..8300763e4d 100644 --- a/openssl-sys/src/x509v3.rs +++ b/openssl-sys/src/x509v3.rs @@ -91,3 +91,54 @@ extern "C" { pub fn X509_get1_ocsp(x: *mut X509) -> *mut stack_st_OPENSSL_STRING; } + +cfg_if! { + if #[cfg(any(ossl110, libressl280))] { + extern "C" { + pub fn X509V3_get_d2i( + x: *const stack_st_X509_EXTENSION, + nid: c_int, + crit: *mut c_int, + idx: *mut c_int, + ) -> *mut c_void; + pub fn X509V3_extensions_print(out: *mut BIO, title: *const c_char, exts: *const stack_st_X509_EXTENSION, flag: c_ulong, indent: c_int) -> c_int; + } + } else { + extern "C" { + pub fn X509V3_get_d2i( + x: *mut stack_st_X509_EXTENSION, + nid: c_int, + crit: *mut c_int, + idx: *mut c_int, + ) -> *mut c_void; + pub fn X509V3_extensions_print(out: *mut BIO, title: *mut c_char, exts: *mut stack_st_X509_EXTENSION, flag: c_ulong, indent: c_int) -> c_int; + } + } +} + +// X509V3_add1_i2d (and *_add1_ext_i2d) +pub const X509V3_ADD_DEFAULT: c_ulong = 0; +pub const X509V3_ADD_APPEND: c_ulong = 1; +pub const X509V3_ADD_REPLACE: c_ulong = 2; +pub const X509V3_ADD_REPLACE_EXISTING: c_ulong = 3; +pub const X509V3_ADD_KEEP_EXISTING: c_ulong = 4; +pub const X509V3_ADD_DELETE: c_ulong = 5; +pub const X509V3_ADD_SILENT: c_ulong = 0x10; + +extern "C" { + pub fn X509V3_EXT_d2i(ext: *mut X509_EXTENSION) -> *mut c_void; + pub fn X509V3_EXT_i2d(ext_nid: c_int, crit: c_int, ext: *mut c_void) -> *mut X509_EXTENSION; + pub fn X509V3_add1_i2d( + x: *mut *mut stack_st_X509_EXTENSION, + nid: c_int, + value: *mut c_void, + crit: c_int, + flags: c_ulong, + ) -> c_int; + pub fn X509V3_EXT_print( + out: *mut BIO, + ext: *mut X509_EXTENSION, + flag: c_ulong, + indent: c_int, + ) -> c_int; +} From 85d78b29af9cf4ea38d0e61b93f1ef3d83f05f7f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stefan=20B=C3=BChler?= Date: Sun, 9 Aug 2020 19:12:43 +0200 Subject: [PATCH 10/23] Add bindings and consts for x509 extensions flags and (extended) key usage --- openssl-sys/src/x509v3.rs | 60 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) diff --git a/openssl-sys/src/x509v3.rs b/openssl-sys/src/x509v3.rs index 8300763e4d..7b78cce15b 100644 --- a/openssl-sys/src/x509v3.rs +++ b/openssl-sys/src/x509v3.rs @@ -125,6 +125,59 @@ pub const X509V3_ADD_KEEP_EXISTING: c_ulong = 4; pub const X509V3_ADD_DELETE: c_ulong = 5; pub const X509V3_ADD_SILENT: c_ulong = 0x10; +// X509_get_extension_flags +pub const EXFLAG_BCONS: u32 = 0x1; +pub const EXFLAG_KUSAGE: u32 = 0x2; +pub const EXFLAG_XKUSAGE: u32 = 0x4; +pub const EXFLAG_NSCERT: u32 = 0x8; +pub const EXFLAG_CA: u32 = 0x10; +pub const EXFLAG_SI: u32 = 0x20; +pub const EXFLAG_V1: u32 = 0x40; +pub const EXFLAG_INVALID: u32 = 0x80; +pub const EXFLAG_SET: u32 = 0x100; +pub const EXFLAG_CRITICAL: u32 = 0x200; +pub const EXFLAG_PROXY: u32 = 0x400; +pub const EXFLAG_INVALID_POLICY: u32 = 0x800; +pub const EXFLAG_FRESHEST: u32 = 0x1000; +// before ossl102 / libressl260 EXFLAG_SS was 0x20 (the same as EXFLAG_SI); probably not useful semantic +#[cfg(any(ossl102, libressl261))] +pub const EXFLAG_SS: u32 = 0x2000; +/* +cfg_if! { + // probably gonna be in openssl-3.0.0-alpha7 + if #[cfg(any(ossl300))] { + pub const EXFLAG_BCONS_CRITICAL: u32 = 0x10000; + pub const EXFLAG_AKID_CRITICAL: u32 = 0x20000; + pub const EXFLAG_SKID_CRITICAL: u32 = 0x40000; + pub const EXFLAG_SAN_CRITICAL: u32 = 0x80000; + } +} +*/ + +// X509_get_key_usage +pub const X509v3_KU_DIGITAL_SIGNATURE: u32 = 0x0080; +pub const X509v3_KU_NON_REPUDIATION: u32 = 0x0040; +pub const X509v3_KU_KEY_ENCIPHERMENT: u32 = 0x0020; +pub const X509v3_KU_DATA_ENCIPHERMENT: u32 = 0x0010; +pub const X509v3_KU_KEY_AGREEMENT: u32 = 0x0008; +pub const X509v3_KU_KEY_CERT_SIGN: u32 = 0x0004; +pub const X509v3_KU_CRL_SIGN: u32 = 0x0002; +pub const X509v3_KU_ENCIPHER_ONLY: u32 = 0x0001; +pub const X509v3_KU_DECIPHER_ONLY: u32 = 0x8000; +pub const X509v3_KU_UNDEF: u32 = 0xffff; + +// X509_get_extended_key_usage +pub const XKU_SSL_SERVER: u32 = 0x1; +pub const XKU_SSL_CLIENT: u32 = 0x2; +pub const XKU_SMIME: u32 = 0x4; +pub const XKU_CODE_SIGN: u32 = 0x8; +pub const XKU_SGC: u32 = 0x10; +pub const XKU_OCSP_SIGN: u32 = 0x20; +pub const XKU_TIMESTAMP: u32 = 0x40; +pub const XKU_DVCS: u32 = 0x80; +#[cfg(ossl110)] +pub const XKU_ANYEKU: u32 = 0x100; + extern "C" { pub fn X509V3_EXT_d2i(ext: *mut X509_EXTENSION) -> *mut c_void; pub fn X509V3_EXT_i2d(ext_nid: c_int, crit: c_int, ext: *mut c_void) -> *mut X509_EXTENSION; @@ -141,4 +194,11 @@ extern "C" { flag: c_ulong, indent: c_int, ) -> c_int; + + #[cfg(ossl110)] + pub fn X509_get_extension_flags(x: *mut X509) -> u32; + #[cfg(ossl110)] + pub fn X509_get_key_usage(x: *mut X509) -> u32; + #[cfg(ossl110)] + pub fn X509_get_extended_key_usage(x: *mut X509) -> u32; } From 919874a2a5d71bc1e53c8915c9030a0ff9320fd1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stefan=20B=C3=BChler?= Date: Sun, 9 Aug 2020 19:08:32 +0200 Subject: [PATCH 11/23] Add AUTHORITY_KEYID struct --- openssl-sys/src/x509v3.rs | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/openssl-sys/src/x509v3.rs b/openssl-sys/src/x509v3.rs index 7b78cce15b..09329a89f6 100644 --- a/openssl-sys/src/x509v3.rs +++ b/openssl-sys/src/x509v3.rs @@ -27,6 +27,17 @@ extern "C" { pub fn GENERAL_NAME_free(name: *mut GENERAL_NAME); } +#[repr(C)] +pub struct AUTHORITY_KEYID { + pub keyid: *mut ASN1_STRING, + pub issuer: *mut stack_st_GENERAL_NAME, + pub serial: *mut ASN1_INTEGER, +} + +extern "C" { + pub fn AUTHORITY_KEYID_free(akid: *mut AUTHORITY_KEYID); +} + #[cfg(any(ossl102, libressl261))] pub const X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT: c_uint = 0x1; #[cfg(any(ossl102, libressl261))] From 4707e74420b29ec9a5018bd1d25d5a1aff532d4e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stefan=20B=C3=BChler?= Date: Mon, 28 Sep 2020 11:37:56 +0200 Subject: [PATCH 12/23] Fix ASN1_OCTET_STRING in bindings --- openssl-sys/src/x509.rs | 2 +- openssl-sys/src/x509v3.rs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/openssl-sys/src/x509.rs b/openssl-sys/src/x509.rs index 929fecf57e..e57ad6cffa 100644 --- a/openssl-sys/src/x509.rs +++ b/openssl-sys/src/x509.rs @@ -545,7 +545,7 @@ extern "C" { pub fn X509_EXTENSION_set_critical(ex: *mut X509_EXTENSION, crit: c_int) -> c_int; pub fn X509_EXTENSION_set_data(ex: *mut X509_EXTENSION, data: *mut ASN1_OCTET_STRING) -> c_int; pub fn X509_EXTENSION_get_object(ext: *mut X509_EXTENSION) -> *mut ASN1_OBJECT; - pub fn X509_EXTENSION_get_data(ext: *mut X509_EXTENSION) -> *mut ASN1_STRING; + pub fn X509_EXTENSION_get_data(ext: *mut X509_EXTENSION) -> *mut ASN1_OCTET_STRING; } cfg_if! { if #[cfg(any(ossl110, libressl280))] { diff --git a/openssl-sys/src/x509v3.rs b/openssl-sys/src/x509v3.rs index 09329a89f6..e93bc446cc 100644 --- a/openssl-sys/src/x509v3.rs +++ b/openssl-sys/src/x509v3.rs @@ -29,7 +29,7 @@ extern "C" { #[repr(C)] pub struct AUTHORITY_KEYID { - pub keyid: *mut ASN1_STRING, + pub keyid: *mut ASN1_OCTET_STRING, pub issuer: *mut stack_st_GENERAL_NAME, pub serial: *mut ASN1_INTEGER, } From 0076028edab4a99b5d934ba4699b004f27b90a21 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stefan=20B=C3=BChler?= Date: Sun, 27 Sep 2020 11:54:38 +0200 Subject: [PATCH 13/23] Add more extension bindings for STACK_OF(X509_EXTENSION) --- openssl-sys/src/x509.rs | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/openssl-sys/src/x509.rs b/openssl-sys/src/x509.rs index e57ad6cffa..d78ba61563 100644 --- a/openssl-sys/src/x509.rs +++ b/openssl-sys/src/x509.rs @@ -535,6 +535,27 @@ extern "C" { crit: c_int, flags: c_ulong, ) -> c_int; + // X509_EXTENSION stack + // - these getters always used *const STACK + pub fn X509v3_get_ext_count(x: *const stack_st_X509_EXTENSION) -> c_int; + pub fn X509v3_get_ext_by_NID( + x: *const stack_st_X509_EXTENSION, + nid: c_int, + lastpos: c_int, + ) -> c_int; + pub fn X509v3_get_ext_by_critical( + x: *const stack_st_X509_EXTENSION, + crit: c_int, + lastpos: c_int, + ) -> c_int; + pub fn X509v3_get_ext(x: *const stack_st_X509_EXTENSION, loc: c_int) -> *mut X509_EXTENSION; + pub fn X509v3_delete_ext(x: *mut stack_st_X509_EXTENSION, loc: c_int) -> *mut X509_EXTENSION; + pub fn X509v3_add_ext( + x: *mut *mut stack_st_X509_EXTENSION, + ex: *mut X509_EXTENSION, + loc: c_int, + ) -> *mut stack_st_X509_EXTENSION; + // - X509V3_add1_i2d in x509v3.rs // X509_EXTENSION itself pub fn X509_EXTENSION_create_by_NID( ex: *mut *mut X509_EXTENSION, @@ -586,6 +607,8 @@ cfg_if! { crit: *mut c_int, idx: *mut c_int, ) -> *mut c_void; + // X509_EXTENSION stack + pub fn X509v3_get_ext_by_OBJ(x: *const stack_st_X509_EXTENSION, obj: *const ASN1_OBJECT, lastpos: c_int) -> c_int; // X509_EXTENSION itself pub fn X509_EXTENSION_create_by_OBJ(ex: *mut *mut X509_EXTENSION, obj: *const ASN1_OBJECT, crit: c_int, data: *mut ASN1_OCTET_STRING) -> *mut X509_EXTENSION; pub fn X509_EXTENSION_set_object(ex: *mut X509_EXTENSION, obj: *const ASN1_OBJECT) -> c_int; @@ -629,6 +652,8 @@ cfg_if! { crit: *mut c_int, idx: *mut c_int, ) -> *mut c_void; + // X509_EXTENSION stack + pub fn X509v3_get_ext_by_OBJ(x: *const stack_st_X509_EXTENSION, obj: *mut ASN1_OBJECT, lastpos: c_int) -> c_int; // X509_EXTENSION itself pub fn X509_EXTENSION_create_by_OBJ(ex: *mut *mut X509_EXTENSION, obj: *mut ASN1_OBJECT, crit: c_int, data: *mut ASN1_OCTET_STRING) -> *mut X509_EXTENSION; pub fn X509_EXTENSION_set_object(ex: *mut X509_EXTENSION, obj: *mut ASN1_OBJECT) -> c_int; From f83ed2e0746807cf8d251c01f7a92819118c2df3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stefan=20B=C3=BChler?= Date: Sun, 27 Sep 2020 15:30:28 +0200 Subject: [PATCH 14/23] Add some X509_REVOKED bindings, make extensions field public --- openssl-sys/src/x509.rs | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/openssl-sys/src/x509.rs b/openssl-sys/src/x509.rs index d78ba61563..e8f8fa465d 100644 --- a/openssl-sys/src/x509.rs +++ b/openssl-sys/src/x509.rs @@ -90,7 +90,7 @@ cfg_if! { pub struct X509_REVOKED { pub serialNumber: *mut ASN1_INTEGER, pub revocationDate: *mut ASN1_TIME, - extensions: *mut stack_st_X509_EXTENSION, + pub extensions: *mut stack_st_X509_EXTENSION, issuer: *mut stack_st_GENERAL_NAME, reason: c_int, sequence: c_int, @@ -242,6 +242,8 @@ extern "C" { pub fn X509_REVOKED_new() -> *mut X509_REVOKED; pub fn X509_REVOKED_free(x: *mut X509_REVOKED); + #[cfg(any(ossl110, libressl270))] + pub fn X509_REVOKED_dup(rev: *mut X509_REVOKED) -> *mut X509_REVOKED; pub fn d2i_X509_REVOKED( a: *mut *mut X509_REVOKED, pp: *mut *const c_uchar, @@ -377,6 +379,9 @@ extern "C" { #[cfg(any(ossl110, libressl270))] pub fn X509_REVOKED_get0_extensions(r: *const X509_REVOKED) -> *const stack_st_X509_EXTENSION; + pub fn X509_REVOKED_set_serialNumber(r: *mut X509_REVOKED, serial: *mut ASN1_INTEGER) -> c_int; + pub fn X509_REVOKED_set_revocationDate(r: *mut X509_REVOKED, tm: *mut ASN1_TIME) -> c_int; + pub fn X509_CRL_sign(x: *mut X509_CRL, pkey: *mut EVP_PKEY, md: *const EVP_MD) -> c_int; pub fn X509_CRL_digest( x: *const X509_CRL, From df0ad695a1b0f1c2c070d8ecd4fa17ade3f0b37f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stefan=20B=C3=BChler?= Date: Sun, 27 Sep 2020 17:28:18 +0200 Subject: [PATCH 15/23] Update some X509_CRL bindings for libressl281 --- openssl-sys/src/x509.rs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/openssl-sys/src/x509.rs b/openssl-sys/src/x509.rs index e8f8fa465d..491af3816e 100644 --- a/openssl-sys/src/x509.rs +++ b/openssl-sys/src/x509.rs @@ -401,13 +401,13 @@ extern "C" { serial: *mut ASN1_INTEGER, ) -> c_int; - #[cfg(ossl110)] + #[cfg(any(ossl110, libressl281))] pub fn X509_CRL_get_REVOKED(crl: *mut X509_CRL) -> *mut stack_st_X509_REVOKED; - #[cfg(ossl110)] + #[cfg(any(ossl110, libressl281))] pub fn X509_CRL_get0_nextUpdate(x: *const X509_CRL) -> *const ASN1_TIME; - #[cfg(ossl110)] + #[cfg(any(ossl110, libressl281))] pub fn X509_CRL_get0_lastUpdate(x: *const X509_CRL) -> *const ASN1_TIME; - #[cfg(ossl110)] + #[cfg(any(ossl110, libressl281))] pub fn X509_CRL_get_issuer(x: *const X509_CRL) -> *mut X509_NAME; #[cfg(ossl110)] From c1c379af0243a9dbf3ba3b90af989eeb2a9afda0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stefan=20B=C3=BChler?= Date: Sat, 10 Oct 2020 13:01:40 +0200 Subject: [PATCH 16/23] Silence clippy::match_like_matches_macro (would require rust 1.42) --- openssl-sys/build/main.rs | 1 + openssl/src/ssl/bio.rs | 1 + 2 files changed, 2 insertions(+) diff --git a/openssl-sys/build/main.rs b/openssl-sys/build/main.rs index 49f26d2b7f..b9f47a7bce 100644 --- a/openssl-sys/build/main.rs +++ b/openssl-sys/build/main.rs @@ -270,6 +270,7 @@ due to this version mismatch. // parses a string that looks like "0x100020cfL" #[allow(deprecated)] // trim_right_matches is now trim_end_matches +#[allow(clippy::match_like_matches_macro)] // matches macro requires rust 1.42.0 fn parse_version(version: &str) -> u64 { // cut off the 0x prefix assert!(version.starts_with("0x")); diff --git a/openssl/src/ssl/bio.rs b/openssl/src/ssl/bio.rs index cabe057b5c..2277d043ee 100644 --- a/openssl/src/ssl/bio.rs +++ b/openssl/src/ssl/bio.rs @@ -128,6 +128,7 @@ unsafe extern "C" fn bread(bio: *mut BIO, buf: *mut c_char, len: c_int) } } +#[allow(clippy::match_like_matches_macro)] // matches macro requires rust 1.42.0 fn retriable_error(err: &io::Error) -> bool { match err.kind() { io::ErrorKind::WouldBlock | io::ErrorKind::NotConnected => true, From 5fc9ad88a32f5bbdb327e47757b0af55d8cad8bd Mon Sep 17 00:00:00 2001 From: Rodolphe Breard Date: Sat, 10 Oct 2020 13:02:02 +0200 Subject: [PATCH 17/23] Fix a typo --- openssl/src/ec.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/openssl/src/ec.rs b/openssl/src/ec.rs index 49c26dc3a5..23d4015ddd 100644 --- a/openssl/src/ec.rs +++ b/openssl/src/ec.rs @@ -633,9 +633,9 @@ where { /// Returns the public key. /// - /// OpenSSL documentation at [`EC_KEY_get0_pubic_key`] + /// OpenSSL documentation at [`EC_KEY_get0_public_key`] /// - /// [`EC_KEY_get0_pubic_key`]: https://www.openssl.org/docs/man1.1.0/crypto/EC_KEY_get0_public_key.html + /// [`EC_KEY_get0_public_key`]: https://www.openssl.org/docs/man1.1.0/crypto/EC_KEY_get0_public_key.html pub fn public_key(&self) -> &EcPointRef { unsafe { let ptr = ffi::EC_KEY_get0_public_key(self.as_ptr()); From 5b9b4429f88a480df20253420d2ce57478354685 Mon Sep 17 00:00:00 2001 From: Matt Brubeck Date: Mon, 12 Oct 2020 11:22:52 -0700 Subject: [PATCH 18/23] Update to cfg-if 1.0 --- openssl/Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openssl/Cargo.toml b/openssl/Cargo.toml index 89c6f809f3..a54833d5a7 100644 --- a/openssl/Cargo.toml +++ b/openssl/Cargo.toml @@ -20,7 +20,7 @@ vendored = ['openssl-sys/vendored'] [dependencies] bitflags = "1.0" -cfg-if = "0.1" +cfg-if = "1.0" foreign-types = "0.3.1" lazy_static = "1" libc = "0.2" From 388ed22d5560e9b18b4a9e4d78b1639cf58cdc9d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stefan=20B=C3=BChler?= Date: Sun, 25 Oct 2020 11:50:55 +0100 Subject: [PATCH 19/23] remove unnecessary #[cfg(...)] --- openssl-sys/src/ssl.rs | 2 -- 1 file changed, 2 deletions(-) diff --git a/openssl-sys/src/ssl.rs b/openssl-sys/src/ssl.rs index 1d4dcc5ed7..66705a61d6 100644 --- a/openssl-sys/src/ssl.rs +++ b/openssl-sys/src/ssl.rs @@ -852,12 +852,10 @@ cfg_if! { cfg_if! { if #[cfg(ossl110g)] { - #[cfg(ossl110g)] pub unsafe fn SSL_CTX_get_min_proto_version(ctx: *mut SSL_CTX) -> c_int { SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, ptr::null_mut()) as c_int } - #[cfg(ossl110g)] pub unsafe fn SSL_CTX_get_max_proto_version(ctx: *mut SSL_CTX) -> c_int { SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, ptr::null_mut()) as c_int } From c6c2ce91051e9fe3120fddef543bf192532dd8df Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stefan=20B=C3=BChler?= Date: Sun, 11 Oct 2020 17:29:11 +0200 Subject: [PATCH 20/23] Add and use const_ptr_api macro in openssl-sys --- openssl-sys/src/asn1.rs | 12 +- openssl-sys/src/bio.rs | 39 ++---- openssl-sys/src/evp.rs | 60 +++----- openssl-sys/src/macros.rs | 209 ++++++++++++++++++++++++++++ openssl-sys/src/ocsp.rs | 24 +--- openssl-sys/src/pkcs12.rs | 45 ++---- openssl-sys/src/ssl.rs | 89 ++++-------- openssl-sys/src/x509.rs | 282 ++++++++++++-------------------------- openssl-sys/src/x509v3.rs | 75 ++++------ 9 files changed, 394 insertions(+), 441 deletions(-) diff --git a/openssl-sys/src/asn1.rs b/openssl-sys/src/asn1.rs index a42c1c5415..d6d16b7f5d 100644 --- a/openssl-sys/src/asn1.rs +++ b/openssl-sys/src/asn1.rs @@ -61,14 +61,8 @@ extern "C" { pub fn ASN1_TIME_set_string_X509(s: *mut ASN1_TIME, str: *const c_char) -> c_int; } -cfg_if! { - if #[cfg(any(ossl110, libressl280))] { - extern "C" { - pub fn ASN1_STRING_to_UTF8(out: *mut *mut c_uchar, s: *const ASN1_STRING) -> c_int; - } - } else { - extern "C" { - pub fn ASN1_STRING_to_UTF8(out: *mut *mut c_uchar, s: *mut ASN1_STRING) -> c_int; - } +const_ptr_api! { + extern "C" { + pub fn ASN1_STRING_to_UTF8(out: *mut *mut c_uchar, s: #[const_ptr_if(any(ossl110, libressl280))] ASN1_STRING) -> c_int; } } diff --git a/openssl-sys/src/bio.rs b/openssl-sys/src/bio.rs index bf9006a89a..d738a8af0b 100644 --- a/openssl-sys/src/bio.rs +++ b/openssl-sys/src/bio.rs @@ -60,17 +60,10 @@ pub unsafe fn BIO_get_mem_data(b: *mut BIO, pp: *mut *mut c_char) -> c_long { BIO_ctrl(b, BIO_CTRL_INFO, 0, pp as *mut c_void) } -cfg_if! { - if #[cfg(any(ossl110, libressl280))] { - extern "C" { - pub fn BIO_s_file() -> *const BIO_METHOD; - pub fn BIO_new(type_: *const BIO_METHOD) -> *mut BIO; - } - } else { - extern "C" { - pub fn BIO_s_file() -> *mut BIO_METHOD; - pub fn BIO_new(type_: *mut BIO_METHOD) -> *mut BIO; - } +const_ptr_api! { + extern "C" { + pub fn BIO_s_file() -> #[const_ptr_if(any(ossl110, libressl280))] BIO_METHOD; + pub fn BIO_new(type_: #[const_ptr_if(any(ossl110, libressl280))] BIO_METHOD) -> *mut BIO; } } extern "C" { @@ -88,26 +81,10 @@ extern "C" { pub fn BIO_free_all(b: *mut BIO); } -cfg_if! { - if #[cfg(any(ossl110, libressl280))] { - extern "C" { - pub fn BIO_s_mem() -> *const BIO_METHOD; - } - } else { - extern "C" { - pub fn BIO_s_mem() -> *mut BIO_METHOD; - } - } -} -cfg_if! { - if #[cfg(any(ossl102, libressl280))] { - extern "C" { - pub fn BIO_new_mem_buf(buf: *const c_void, len: c_int) -> *mut BIO; - } - } else { - extern "C" { - pub fn BIO_new_mem_buf(buf: *mut c_void, len: c_int) -> *mut BIO; - } +const_ptr_api! { + extern "C" { + pub fn BIO_s_mem() -> #[const_ptr_if(any(ossl110, libressl280))] BIO_METHOD; + pub fn BIO_new_mem_buf(buf: #[const_ptr_if(any(ossl102, libressl280))] c_void, len: c_int) -> *mut BIO; } } diff --git a/openssl-sys/src/evp.rs b/openssl-sys/src/evp.rs index 820dd14c99..ec5df30aac 100644 --- a/openssl-sys/src/evp.rs +++ b/openssl-sys/src/evp.rs @@ -174,15 +174,9 @@ extern "C" { outl: *mut c_int, ) -> c_int; } -cfg_if! { - if #[cfg(any(ossl111b, libressl280))] { - extern "C" { - pub fn EVP_PKEY_size(pkey: *const EVP_PKEY) -> c_int; - } - } else { - extern "C" { - pub fn EVP_PKEY_size(pkey: *mut EVP_PKEY) -> c_int; - } +const_ptr_api! { + extern "C" { + pub fn EVP_PKEY_size(pkey: #[const_ptr_if(any(ossl111b, libressl280))] EVP_PKEY) -> c_int; } } cfg_if! { @@ -206,23 +200,13 @@ cfg_if! { } } } -cfg_if! { - if #[cfg(any(ossl102, libressl280))] { - extern "C" { - pub fn EVP_DigestVerifyFinal( - ctx: *mut EVP_MD_CTX, - sigret: *const c_uchar, - siglen: size_t, - ) -> c_int; - } - } else { - extern "C" { - pub fn EVP_DigestVerifyFinal( - ctx: *mut EVP_MD_CTX, - sigret: *mut c_uchar, - siglen: size_t, - ) -> c_int; - } +const_ptr_api! { + extern "C" { + pub fn EVP_DigestVerifyFinal( + ctx: *mut EVP_MD_CTX, + sigret: #[const_ptr_if(any(ossl102, libressl280))] c_uchar, + siglen: size_t, + ) -> c_int; } } @@ -317,15 +301,9 @@ extern "C" { pub fn EVP_PKEY_id(pkey: *const EVP_PKEY) -> c_int; } -cfg_if! { - if #[cfg(any(ossl110, libressl280))] { - extern "C" { - pub fn EVP_PKEY_bits(key: *const EVP_PKEY) -> c_int; - } - } else { - extern "C" { - pub fn EVP_PKEY_bits(key: *mut EVP_PKEY) -> c_int; - } +const_ptr_api! { + extern "C" { + pub fn EVP_PKEY_bits(key: #[const_ptr_if(any(ossl110, libressl280))] EVP_PKEY) -> c_int; } } extern "C" { @@ -456,15 +434,9 @@ extern "C" { ) -> c_int; } -cfg_if! { - if #[cfg(any(ossl110, libressl280))] { - extern "C" { - pub fn EVP_PKCS82PKEY(p8: *const PKCS8_PRIV_KEY_INFO) -> *mut EVP_PKEY; - } - } else { - extern "C" { - pub fn EVP_PKCS82PKEY(p8: *mut PKCS8_PRIV_KEY_INFO) -> *mut EVP_PKEY; - } +const_ptr_api! { + extern "C" { + pub fn EVP_PKCS82PKEY(p8: #[const_ptr_if(any(ossl110, libressl280))] PKCS8_PRIV_KEY_INFO) -> *mut EVP_PKEY; } } diff --git a/openssl-sys/src/macros.rs b/openssl-sys/src/macros.rs index 84320b7265..7b4a875f88 100644 --- a/openssl-sys/src/macros.rs +++ b/openssl-sys/src/macros.rs @@ -85,3 +85,212 @@ macro_rules! const_fn { )* } } + +// openssl changes `*mut` to `*const` in certain parameters in certain versions; +// in C this is ABI and (mostly) API compatible. +// +// We need to handle this explicitly, and this macro helps annotate which +// parameter got converted in which version. +// +// Input is: +// extern "C" { +// #[attributes...] +// pub fn name(args) -> rettype; // `-> rettype` optional +// // more functions... +// } +// +// This macro replaces `#[const_ptr_if(...)]` in types with `*const` or `*mut` +// (depending on the inner cfg flags) +// +// Walks through all argument and return types, but only finds inner types of +// `*const` and `*mut`; doesn't walk arrays or generics. +// +// NOTE: can't abstract `pub` as `$fn_vis:vis`, as ctest macro handling doesn't +// support it (old syntax crate). But we really only need `pub` anyway. +// +// NOTE: ctest seams to simply ignore macros it can't expand (whatever the +// reason) +macro_rules! const_ptr_api { + // ---------------------------------------------------------------- + // (partialarg): partial argument, waiting for "final" argument type + // MAGIC PART 1: hande conditional const ptr in argument type + ( (partialarg) + { $(#[$fn_attr:meta])* pub fn $fn_name:ident } + $args_packed:tt + [ $($part_arg:tt)* ] + [ #[const_ptr_if( $($cfg:tt)* )] $($arg_rem:tt)* ] + $ret_packed:tt + ) => { + const_ptr_api!( (partialarg) { #[cfg($($cfg)*)] $(#[$fn_attr])* pub fn $fn_name } $args_packed [ $($part_arg)* *const ] [ $($arg_rem)* ] $ret_packed ); + const_ptr_api!( (partialarg) { #[cfg(not($($cfg)*))] $(#[$fn_attr])* pub fn $fn_name } $args_packed [ $($part_arg)* *mut ] [ $($arg_rem)* ] $ret_packed ); + }; + // continue partial argument with `*mut` pointer (might need special const handling in inner type) + ( (partialarg) + $def_packed:tt + $args_packed:tt + [ $($part_arg:tt)* ] + [ *mut $($arg_rem:tt)* ] + $ret_packed:tt + ) => { + const_ptr_api!( (partialarg) $def_packed $args_packed [ $($part_arg)* *mut ] [ $($arg_rem)* ] $ret_packed ); + }; + // continue partial argument with `*const` pointer (might need special const handling in inner type) + ( (partialarg) + $def_packed:tt + $args_packed:tt + [ $($part_arg:tt)* ] + [ *const $($arg_rem:tt)* ] + $ret_packed:tt + ) => { + const_ptr_api!( (partialarg) $def_packed $args_packed [ $($part_arg)* *const ] [ $($arg_rem)* ] $ret_packed ); + }; + // finish partial argument with trailing comma + ( (partialarg) + $def_packed:tt + { $($args_tt:tt)* } + [ $($part_arg:tt)* ] + [ $arg_ty:ty, $($arg_rem:tt)* ] + $ret_packed:tt + ) => { + const_ptr_api!( (parseargs) $def_packed { $($args_tt)* { $($part_arg)* $arg_ty } } [ $($arg_rem)* ] $ret_packed ); + }; + // finish final partial argument (no trailing comma) + ( (partialarg) + $def_packed:tt + { $($args_tt:tt)* } + [ $($part_arg:tt)* ] + [ $arg_ty:ty ] + $ret_packed:tt + ) => { + const_ptr_api!( (parseargs) $def_packed { $($args_tt)* { $($part_arg)* $arg_ty } } [ ] $ret_packed ); + }; + + // ---------------------------------------------------------------- + // (parseargs): parsing arguments + // start next argument + ( (parseargs) + $def_packed:tt + $args_packed:tt + [ $arg_name:ident : $($arg_rem:tt)* ] + $ret_packed:tt + ) => { + const_ptr_api!( (partialarg) $def_packed $args_packed [ $arg_name: ] [ $($arg_rem)* ] $ret_packed ); + }; + // end of arguments, there is a return type; start parsing it + ( (parseargs) + $def_packed:tt + $args_packed:tt + [ ] + [ -> $($rem:tt)* ] + ) => { + const_ptr_api!( (partialret) $def_packed $args_packed [] [ $($rem)* ] ); + }; + // end of arguments, no return type + ( (parseargs) + $def_packed:tt + $args_packed:tt + [ ] + [ ] + ) => { + const_ptr_api!( (generate) $def_packed $args_packed { () } ); + }; + + // ---------------------------------------------------------------- + // (partialret): have partial return type, waiting for final return type + // MAGIC PART 2: hande conditional const ptr in return type + ( (partialret) + { $(#[$fn_attr:meta])* pub fn $fn_name:ident } + $args_packed:tt + [ $($part_ret:tt)* ] + [ #[const_ptr_if( $($cfg:tt)* )] $($rem:tt)* ] + ) => { + const_ptr_api!( (partialret) { #[cfg($($cfg)*)] $(#[$fn_attr])* pub fn $fn_name } $args_packed [ $($part_ret)* *const ] [ $($rem)* ] ); + const_ptr_api!( (partialret) { #[cfg(not($($cfg)*))] $(#[$fn_attr])* pub fn $fn_name } $args_packed [ $($part_ret)* *mut ] [ $($rem)* ] ); + }; + // `* mut` part in return type; continue parsing to find inner conditional const ptr + ( (partialret) + $def_packed:tt + $args_packed:tt + [ $($part_ret:tt)* ] + [ *mut $($rem:tt)* ] + ) => { + const_ptr_api!( (partialret) $def_packed $args_packed [ $($part_ret)* *mut ] [ $($rem)* ] ); + }; + // `* const` part in return type; continue parsing to find inner conditional const ptr + ( (partialret) + $def_packed:tt + $args_packed:tt + [ $($part_ret:tt)* ] + [ *const $($rem:tt)* ] + ) => { + const_ptr_api!( (partialret) $def_packed $args_packed [ $($part_ret)* *const ] [ $($rem)* ] ); + }; + // final part of return type + ( (partialret) + $def_packed:tt + $args_packed:tt + [ $($part_ret:tt)* ] + [ $ret_ty:ty ] + ) => { + const_ptr_api!( (generate) $def_packed $args_packed { $($part_ret)* $ret_ty } ); + }; + + // ---------------------------------------------------------------- + // generate + ( (generate) + { $(#[$fn_attr:meta])* pub fn $fn_name:ident } + { $({ $arg_name:ident: $($arg_ty:tt)* })* } + { $ret_ty:ty } + ) => { + extern "C" { + $(#[$fn_attr])* + pub fn $fn_name( $( + $arg_name: $($arg_ty)* + ),* ) -> $ret_ty; + } + }; + + // ---------------------------------------------------------------- + // (fn): gather tokens for return type until ";" + // found end; start parsing current function, and parse remaining functions + ( (fn) + $def_packed:tt + $arg_tts_packed:tt + $ret_packed:tt + [ ; $($rem:tt)* ] + ) => { + const_ptr_api!( (parseargs) $def_packed {} $arg_tts_packed $ret_packed ); + const_ptr_api!( (extern) [ $($rem)* ] ); + }; + // not ";" - all other tokens are part of the return type. + // don't expand return type yet; otherwise we'd have to remember in which branch `rem` needs + // to be used to parse further functions. + ( (fn) + $def_packed:tt + $arg_tts_packed:tt + [ $($ret_tt:tt)* ] + [ $tt:tt $($rem:tt)* ] + ) => { + const_ptr_api!( (fn) $def_packed $arg_tts_packed [ $($ret_tt)* $tt ] [ $($rem)* ] ); + }; + + // ---------------------------------------------------------------- + // (extern): in extern block, find next function + // try to split into functions as fast as possible to reduce recursion depth + ( (extern) [ + $(#[$fn_attr:meta])* + pub fn $fn_name:ident( $($arg_rem:tt)* ) $($rem:tt)* + ] ) => { + const_ptr_api!( (fn) + { $(#[$fn_attr])* pub fn $fn_name } [ $($arg_rem)* ] [] [ $($rem)* ] + ); + }; + // end of extern block + ( (extern) [] ) => {}; + + // ---------------------------------------------------------------- + // macro start; find extern block + ( extern "C" { $($rem:tt)* } ) => { + const_ptr_api!( (extern) [ $($rem)* ] ); + }; +} diff --git a/openssl-sys/src/ocsp.rs b/openssl-sys/src/ocsp.rs index 82157f32ff..ff7092378a 100644 --- a/openssl-sys/src/ocsp.rs +++ b/openssl-sys/src/ocsp.rs @@ -44,23 +44,13 @@ pub const V_OCSP_CERTSTATUS_UNKNOWN: c_int = 2; pub enum OCSP_BASICRESP {} -cfg_if! { - if #[cfg(any(ossl110, libressl281))] { - extern "C" { - pub fn OCSP_cert_to_id( - dgst: *const EVP_MD, - subject: *const X509, - issuer: *const X509, - ) -> *mut OCSP_CERTID; - } - } else { - extern "C" { - pub fn OCSP_cert_to_id( - dgst: *const EVP_MD, - subject: *mut X509, - issuer: *mut X509, - ) -> *mut ::OCSP_CERTID; - } +const_ptr_api! { + extern "C" { + pub fn OCSP_cert_to_id( + dgst: *const EVP_MD, + subject: #[const_ptr_if(any(ossl110, libressl281))] X509, + issuer: #[const_ptr_if(any(ossl110, libressl281))] X509, + ) -> *mut OCSP_CERTID; } } diff --git a/openssl-sys/src/pkcs12.rs b/openssl-sys/src/pkcs12.rs index 9cdba7e1dc..1db74ebb42 100644 --- a/openssl-sys/src/pkcs12.rs +++ b/openssl-sys/src/pkcs12.rs @@ -17,37 +17,20 @@ extern "C" { ca: *mut *mut stack_st_X509, ) -> c_int; } -cfg_if! { - if #[cfg(any(ossl110, libressl280))] { - extern "C" { - pub fn PKCS12_create( - pass: *const c_char, - friendly_name: *const c_char, - pkey: *mut EVP_PKEY, - cert: *mut X509, - ca: *mut stack_st_X509, - nid_key: c_int, - nid_cert: c_int, - iter: c_int, - mac_iter: c_int, - keytype: c_int, - ) -> *mut PKCS12; - } - } else { - extern "C" { - pub fn PKCS12_create( - pass: *mut c_char, - friendly_name: *mut c_char, - pkey: *mut EVP_PKEY, - cert: *mut X509, - ca: *mut stack_st_X509, - nid_key: c_int, - nid_cert: c_int, - iter: c_int, - mac_iter: c_int, - keytype: c_int, - ) -> *mut PKCS12; - } +const_ptr_api! { + extern "C" { + pub fn PKCS12_create( + pass: #[const_ptr_if(any(ossl110, libressl280))] c_char, + friendly_name: #[const_ptr_if(any(ossl110, libressl280))] c_char, + pkey: *mut EVP_PKEY, + cert: *mut X509, + ca: *mut stack_st_X509, + nid_key: c_int, + nid_cert: c_int, + iter: c_int, + mac_iter: c_int, + keytype: c_int, + ) -> *mut PKCS12; } } diff --git a/openssl-sys/src/ssl.rs b/openssl-sys/src/ssl.rs index 1d4dcc5ed7..501451e21d 100644 --- a/openssl-sys/src/ssl.rs +++ b/openssl-sys/src/ssl.rs @@ -478,6 +478,7 @@ extern "C" { ); } cfg_if! { + // const change in passed function pointer signature if #[cfg(any(ossl110, libressl280))] { extern "C" { pub fn SSL_CTX_sess_set_get_cb( @@ -509,6 +510,7 @@ extern "C" { } cfg_if! { + // const change in passed function pointer signature if #[cfg(any(ossl110, libressl280))] { extern "C" { pub fn SSL_CTX_set_cookie_verify_cb( @@ -681,15 +683,10 @@ extern "C" { pub fn SSL_get_verify_mode(s: *const SSL) -> c_int; } -cfg_if! { - if #[cfg(ossl111)] { - extern "C" { - pub fn SSL_is_init_finished(s: *const SSL) -> c_int; - } - } else if #[cfg(ossl110)] { - extern "C" { - pub fn SSL_is_init_finished(s: *mut SSL) -> c_int; - } +const_ptr_api! { + extern "C" { + #[cfg(ossl110)] + pub fn SSL_is_init_finished(s: #[const_ptr_if(ossl111)] SSL) -> c_int; } } @@ -911,15 +908,9 @@ extern "C" { pub fn SSL_get_current_cipher(ssl: *const SSL) -> *const SSL_CIPHER; pub fn SSL_CIPHER_get_bits(cipher: *const SSL_CIPHER, alg_bits: *mut c_int) -> c_int; } -cfg_if! { - if #[cfg(any(ossl110, libressl280))] { - extern "C" { - pub fn SSL_CIPHER_get_version(cipher: *const SSL_CIPHER) -> *const c_char; - } - } else { - extern "C" { - pub fn SSL_CIPHER_get_version(cipher: *const SSL_CIPHER) -> *mut c_char; - } +const_ptr_api! { + extern "C" { + pub fn SSL_CIPHER_get_version(cipher: *const SSL_CIPHER) -> #[const_ptr_if(any(ossl110, libressl280))] c_char; } } extern "C" { @@ -1160,15 +1151,9 @@ extern "C" { ) -> c_int; } -cfg_if! { - if #[cfg(ossl111b)] { - extern "C" { - pub fn SSL_get_ssl_method(ssl: *const SSL) -> *const SSL_METHOD; - } - } else { - extern "C" { - pub fn SSL_get_ssl_method(ssl: *mut SSL) -> *const SSL_METHOD; - } +const_ptr_api! { + extern "C" { + pub fn SSL_get_ssl_method(ssl: #[const_ptr_if(ossl111b)] SSL) -> *const SSL_METHOD; } } @@ -1187,15 +1172,9 @@ extern "C" { pub fn SSL_get_certificate(ssl: *const SSL) -> *mut X509; } -cfg_if! { - if #[cfg(any(ossl102, libressl280))] { - extern "C" { - pub fn SSL_get_privatekey(ssl: *const SSL) -> *mut EVP_PKEY; - } - } else { - extern "C" { - pub fn SSL_get_privatekey(ssl: *mut SSL) -> *mut EVP_PKEY; - } +const_ptr_api! { + extern "C" { + pub fn SSL_get_privatekey(ssl: #[const_ptr_if(any(ossl102, libressl280))] SSL) -> *mut EVP_PKEY; } } @@ -1339,14 +1318,11 @@ cfg_if! { extern "C" { pub fn SSL_get_current_compression(ssl: *mut SSL) -> *const libc::c_void; } - } else if #[cfg(osslconf = "OPENSSL_NO_COMP")] { - } else if #[cfg(ossl111b)] { - extern "C" { - pub fn SSL_get_current_compression(ssl: *const SSL) -> *const COMP_METHOD; - } - } else { - extern "C" { - pub fn SSL_get_current_compression(ssl: *mut SSL) -> *const COMP_METHOD; + } else if #[cfg(not(osslconf = "OPENSSL_NO_COMP"))] { + const_ptr_api! { + extern "C" { + pub fn SSL_get_current_compression(ssl: #[const_ptr_if(ossl111b)] SSL) -> *const COMP_METHOD; + } } } } @@ -1370,13 +1346,11 @@ extern "C" { } cfg_if! { - if #[cfg(ossl111c)] { - extern "C" { - pub fn SSL_session_reused(ssl: *const SSL) -> c_int; - } - } else if #[cfg(ossl110)] { - extern "C" { - pub fn SSL_session_reused(ssl: *mut SSL) -> c_int; + if #[cfg(ossl110)] { + const_ptr_api! { + extern "C" { + pub fn SSL_session_reused(ssl: #[const_ptr_if(ossl111c)] SSL) -> c_int; + } } } else { pub unsafe fn SSL_session_reused(ssl: *mut SSL) -> c_int { @@ -1384,15 +1358,10 @@ cfg_if! { } } } -cfg_if! { - if #[cfg(any(ossl110f, libressl273))] { - extern "C" { - pub fn SSL_is_server(s: *const SSL) -> c_int; - } - } else if #[cfg(ossl102)] { - extern "C" { - pub fn SSL_is_server(s: *mut SSL) -> c_int; - } +const_ptr_api! { + extern "C" { + #[cfg(any(ossl102, libressl273))] + pub fn SSL_is_server(s: #[const_ptr_if(any(ossl110f, libressl273))] SSL) -> c_int; } } diff --git a/openssl-sys/src/x509.rs b/openssl-sys/src/x509.rs index 491af3816e..7a538c09be 100644 --- a/openssl-sys/src/x509.rs +++ b/openssl-sys/src/x509.rs @@ -211,25 +211,15 @@ extern "C" { pub fn i2d_ECPrivateKey(ec_key: *mut EC_KEY, pp: *mut *mut c_uchar) -> c_int; } -cfg_if! { - if #[cfg(ossl110)] { - extern "C" { - pub fn X509_ALGOR_get0( - paobj: *mut *const ASN1_OBJECT, - pptype: *mut c_int, - ppval: *mut *const c_void, - alg: *const X509_ALGOR, - ); - } - } else if #[cfg(ossl102)] { - extern "C" { - pub fn X509_ALGOR_get0( - paobj: *mut *mut ASN1_OBJECT, - pptype: *mut c_int, - ppval: *mut *mut c_void, - alg: *mut X509_ALGOR, - ); - } +const_ptr_api! { + extern "C" { + #[cfg(ossl102)] + pub fn X509_ALGOR_get0( + paobj: *mut #[const_ptr_if(ossl110)] ASN1_OBJECT, + pptype: *mut c_int, + ppval: *mut #[const_ptr_if(ossl110)] c_void, + alg: #[const_ptr_if(ossl110)] X509_ALGOR, + ); } } @@ -269,23 +259,14 @@ extern "C" { pub fn i2d_X509_REQ(x: *mut X509_REQ, buf: *mut *mut u8) -> c_int; } -cfg_if! { - if #[cfg(any(ossl110, libressl273))] { - extern "C" { - pub fn X509_get0_signature( - psig: *mut *const ASN1_BIT_STRING, - palg: *mut *const X509_ALGOR, - x: *const X509, - ); - } - } else if #[cfg(ossl102)] { - extern "C" { - pub fn X509_get0_signature( - psig: *mut *mut ASN1_BIT_STRING, - palg: *mut *mut X509_ALGOR, - x: *const X509, - ); - } +const_ptr_api! { + extern "C" { + #[cfg(any(ossl102, libressl273))] + pub fn X509_get0_signature( + psig: *mut #[const_ptr_if(any(ossl110, libressl273))] ASN1_BIT_STRING, + palg: *mut #[const_ptr_if(any(ossl110, libressl273))] X509_ALGOR, + x: *const X509, + ); } } extern "C" { @@ -313,29 +294,17 @@ extern "C" { pub fn X509_subject_name_hash(x: *mut ::X509) -> c_ulong; } -cfg_if! { - if #[cfg(any(ossl110, libressl280))] { - extern "C" { - pub fn X509_get_issuer_name(x: *const ::X509) -> *mut ::X509_NAME; - } - } else { - extern "C" { - pub fn X509_get_issuer_name(x: *mut ::X509) -> *mut ::X509_NAME; - } +const_ptr_api! { + extern "C" { + pub fn X509_get_issuer_name(x: #[const_ptr_if(any(ossl110, libressl280))] ::X509) -> *mut ::X509_NAME; } } extern "C" { pub fn X509_set_subject_name(x: *mut X509, name: *mut X509_NAME) -> c_int; } -cfg_if! { - if #[cfg(any(ossl110, libressl280))] { - extern "C" { - pub fn X509_get_subject_name(x: *const ::X509) -> *mut ::X509_NAME; - } - } else { - extern "C" { - pub fn X509_get_subject_name(x: *mut ::X509) -> *mut ::X509_NAME; - } +const_ptr_api! { + extern "C" { + pub fn X509_get_subject_name(x: #[const_ptr_if(any(ossl110, libressl280))] ::X509) -> *mut ::X509_NAME; } } cfg_if! { @@ -436,60 +405,26 @@ cfg_if! { } } -cfg_if! { - if #[cfg(any(ossl110, libressl280))] { - extern "C" { - pub fn X509_NAME_entry_count(n: *const X509_NAME) -> c_int; - } - } else { - extern "C" { - pub fn X509_NAME_entry_count(n: *mut X509_NAME) -> c_int; - } - } -} - -cfg_if! { - if #[cfg(libressl280)] { - extern "C" { - pub fn X509_NAME_get_index_by_NID(n: *const X509_NAME, nid: c_int, last_pos: c_int) -> c_int; - } - } else { - extern "C" { - pub fn X509_NAME_get_index_by_NID(n: *mut X509_NAME, nid: c_int, last_pos: c_int) -> c_int; - } +const_ptr_api! { + extern "C" { + pub fn X509_NAME_entry_count(n: #[const_ptr_if(any(ossl110, libressl280))] X509_NAME) -> c_int; + pub fn X509_NAME_get_index_by_NID(n: #[const_ptr_if(libressl280)] X509_NAME, nid: c_int, last_pos: c_int) -> c_int; } } -cfg_if! { - if #[cfg(any(ossl110, libressl280))] { - extern "C" { - pub fn X509_NAME_get_entry(n: *const X509_NAME, loc: c_int) -> *mut X509_NAME_ENTRY; - pub fn X509_NAME_add_entry_by_NID( - x: *mut X509_NAME, - field: c_int, - ty: c_int, - bytes: *const c_uchar, - len: c_int, - loc: c_int, - set: c_int, - ) -> c_int; - pub fn X509_NAME_ENTRY_get_object(ne: *const X509_NAME_ENTRY) -> *mut ASN1_OBJECT; - pub fn X509_NAME_ENTRY_get_data(ne: *const X509_NAME_ENTRY) -> *mut ASN1_STRING; - } - } else { - extern "C" { - pub fn X509_NAME_get_entry(n: *mut X509_NAME, loc: c_int) -> *mut X509_NAME_ENTRY; - pub fn X509_NAME_add_entry_by_NID( - x: *mut X509_NAME, - field: c_int, - ty: c_int, - bytes: *mut c_uchar, - len: c_int, - loc: c_int, - set: c_int, - ) -> c_int; - pub fn X509_NAME_ENTRY_get_object(ne: *mut X509_NAME_ENTRY) -> *mut ASN1_OBJECT; - pub fn X509_NAME_ENTRY_get_data(ne: *mut X509_NAME_ENTRY) -> *mut ASN1_STRING; - } +const_ptr_api! { + extern "C" { + pub fn X509_NAME_get_entry(n: #[const_ptr_if(any(ossl110, libressl280))] X509_NAME, loc: c_int) -> *mut X509_NAME_ENTRY; + pub fn X509_NAME_add_entry_by_NID( + x: *mut X509_NAME, + field: c_int, + ty: c_int, + bytes: #[const_ptr_if(any(ossl110, libressl280))] c_uchar, + len: c_int, + loc: c_int, + set: c_int, + ) -> c_int; + pub fn X509_NAME_ENTRY_get_object(ne: #[const_ptr_if(any(ossl110, libressl280))] X509_NAME_ENTRY) -> *mut ASN1_OBJECT; + pub fn X509_NAME_ENTRY_get_data(ne: #[const_ptr_if(any(ossl110, libressl280))] X509_NAME_ENTRY) -> *mut ASN1_STRING; } } extern "C" { @@ -573,97 +508,50 @@ extern "C" { pub fn X509_EXTENSION_get_object(ext: *mut X509_EXTENSION) -> *mut ASN1_OBJECT; pub fn X509_EXTENSION_get_data(ext: *mut X509_EXTENSION) -> *mut ASN1_OCTET_STRING; } -cfg_if! { - if #[cfg(any(ossl110, libressl280))] { - extern "C" { - // in X509 - pub fn X509_get_ext_count(x: *const X509) -> c_int; - pub fn X509_get_ext_by_NID(x: *const X509, nid: c_int, lastpos: c_int) -> c_int; - pub fn X509_get_ext_by_OBJ(x: *const X509, obj: *const ASN1_OBJECT, lastpos: c_int) -> c_int; - pub fn X509_get_ext_by_critical(x: *const X509, crit: c_int, lastpos: c_int) -> c_int; - pub fn X509_get_ext(x: *const X509, loc: c_int) -> *mut X509_EXTENSION; - pub fn X509_get_ext_d2i( - x: *const ::X509, - nid: c_int, - crit: *mut c_int, - idx: *mut c_int, - ) -> *mut c_void; - // in X509_CRL - pub fn X509_CRL_get_ext_count(x: *const X509_CRL) -> c_int; - pub fn X509_CRL_get_ext_by_NID(x: *const X509_CRL, nid: c_int, lastpos: c_int) -> c_int; - pub fn X509_CRL_get_ext_by_OBJ(x: *const X509_CRL, obj: *const ASN1_OBJECT, lastpos: c_int) -> c_int; - pub fn X509_CRL_get_ext_by_critical(x: *const X509_CRL, crit: c_int, lastpos: c_int) -> c_int; - pub fn X509_CRL_get_ext(x: *const X509_CRL, loc: c_int) -> *mut X509_EXTENSION; - pub fn X509_CRL_get_ext_d2i( - x: *const ::X509_CRL, - nid: c_int, - crit: *mut c_int, - idx: *mut c_int, - ) -> *mut c_void; - // in X509_REVOKED - pub fn X509_REVOKED_get_ext_count(x: *const X509_REVOKED) -> c_int; - pub fn X509_REVOKED_get_ext_by_NID(x: *const X509_REVOKED, nid: c_int, lastpos: c_int) -> c_int; - pub fn X509_REVOKED_get_ext_by_OBJ(x: *const X509_REVOKED, obj: *const ASN1_OBJECT, lastpos: c_int) -> c_int; - pub fn X509_REVOKED_get_ext_by_critical(x: *const X509_REVOKED, crit: c_int, lastpos: c_int) -> c_int; - pub fn X509_REVOKED_get_ext(x: *const X509_REVOKED, loc: c_int) -> *mut X509_EXTENSION; - pub fn X509_REVOKED_get_ext_d2i( - x: *const ::X509_REVOKED, - nid: c_int, - crit: *mut c_int, - idx: *mut c_int, - ) -> *mut c_void; - // X509_EXTENSION stack - pub fn X509v3_get_ext_by_OBJ(x: *const stack_st_X509_EXTENSION, obj: *const ASN1_OBJECT, lastpos: c_int) -> c_int; - // X509_EXTENSION itself - pub fn X509_EXTENSION_create_by_OBJ(ex: *mut *mut X509_EXTENSION, obj: *const ASN1_OBJECT, crit: c_int, data: *mut ASN1_OCTET_STRING) -> *mut X509_EXTENSION; - pub fn X509_EXTENSION_set_object(ex: *mut X509_EXTENSION, obj: *const ASN1_OBJECT) -> c_int; - pub fn X509_EXTENSION_get_critical(ex: *const X509_EXTENSION) -> c_int; - } - } else { - extern "C" { - // in X509 - pub fn X509_get_ext_count(x: *mut X509) -> c_int; - pub fn X509_get_ext_by_NID(x: *mut X509, nid: c_int, lastpos: c_int) -> c_int; - pub fn X509_get_ext_by_OBJ(x: *mut X509, obj: *mut ASN1_OBJECT, lastpos: c_int) -> c_int; - pub fn X509_get_ext_by_critical(x: *mut X509, crit: c_int, lastpos: c_int) -> c_int; - pub fn X509_get_ext(x: *mut X509, loc: c_int) -> *mut X509_EXTENSION; - pub fn X509_get_ext_d2i( - x: *mut ::X509, - nid: c_int, - crit: *mut c_int, - idx: *mut c_int, - ) -> *mut c_void; - // in X509_CRL - pub fn X509_CRL_get_ext_count(x: *mut X509_CRL) -> c_int; - pub fn X509_CRL_get_ext_by_NID(x: *mut X509_CRL, nid: c_int, lastpos: c_int) -> c_int; - pub fn X509_CRL_get_ext_by_OBJ(x: *mut X509_CRL, obj: *mut ASN1_OBJECT, lastpos: c_int) -> c_int; - pub fn X509_CRL_get_ext_by_critical(x: *mut X509_CRL, crit: c_int, lastpos: c_int) -> c_int; - pub fn X509_CRL_get_ext(x: *mut X509_CRL, loc: c_int) -> *mut X509_EXTENSION; - pub fn X509_CRL_get_ext_d2i( - x: *mut ::X509_CRL, - nid: c_int, - crit: *mut c_int, - idx: *mut c_int, - ) -> *mut c_void; - // in X509_REVOKED - pub fn X509_REVOKED_get_ext_count(x: *mut X509_REVOKED) -> c_int; - pub fn X509_REVOKED_get_ext_by_NID(x: *mut X509_REVOKED, nid: c_int, lastpos: c_int) -> c_int; - pub fn X509_REVOKED_get_ext_by_OBJ(x: *mut X509_REVOKED, obj: *mut ASN1_OBJECT, lastpos: c_int) -> c_int; - pub fn X509_REVOKED_get_ext_by_critical(x: *mut X509_REVOKED, crit: c_int, lastpos: c_int) -> c_int; - pub fn X509_REVOKED_get_ext(x: *mut X509_REVOKED, loc: c_int) -> *mut X509_EXTENSION; - pub fn X509_REVOKED_get_ext_d2i( - x: *mut ::X509_REVOKED, - nid: c_int, - crit: *mut c_int, - idx: *mut c_int, - ) -> *mut c_void; - // X509_EXTENSION stack - pub fn X509v3_get_ext_by_OBJ(x: *const stack_st_X509_EXTENSION, obj: *mut ASN1_OBJECT, lastpos: c_int) -> c_int; - // X509_EXTENSION itself - pub fn X509_EXTENSION_create_by_OBJ(ex: *mut *mut X509_EXTENSION, obj: *mut ASN1_OBJECT, crit: c_int, data: *mut ASN1_OCTET_STRING) -> *mut X509_EXTENSION; - pub fn X509_EXTENSION_set_object(ex: *mut X509_EXTENSION, obj: *mut ASN1_OBJECT) -> c_int; - pub fn X509_EXTENSION_get_critical(ex: *mut X509_EXTENSION) -> c_int; - } +const_ptr_api! { + extern "C" { + // in X509 + pub fn X509_get_ext_count(x: #[const_ptr_if(any(ossl110, libressl280))] X509) -> c_int; + pub fn X509_get_ext_by_NID(x: #[const_ptr_if(any(ossl110, libressl280))] X509, nid: c_int, lastpos: c_int) -> c_int; + pub fn X509_get_ext_by_OBJ(x: #[const_ptr_if(any(ossl110, libressl280))] X509, obj: #[const_ptr_if(any(ossl110, libressl280))] ASN1_OBJECT, lastpos: c_int) -> c_int; + pub fn X509_get_ext_by_critical(x: #[const_ptr_if(any(ossl110, libressl280))] X509, crit: c_int, lastpos: c_int) -> c_int; + pub fn X509_get_ext(x: #[const_ptr_if(any(ossl110, libressl280))] X509, loc: c_int) -> *mut X509_EXTENSION; + pub fn X509_get_ext_d2i( + x: #[const_ptr_if(any(ossl110, libressl280))] ::X509, + nid: c_int, + crit: *mut c_int, + idx: *mut c_int, + ) -> *mut c_void; + // in X509_CRL + pub fn X509_CRL_get_ext_count(x: #[const_ptr_if(any(ossl110, libressl280))] X509_CRL) -> c_int; + pub fn X509_CRL_get_ext_by_NID(x: #[const_ptr_if(any(ossl110, libressl280))] X509_CRL, nid: c_int, lastpos: c_int) -> c_int; + pub fn X509_CRL_get_ext_by_OBJ(x: #[const_ptr_if(any(ossl110, libressl280))] X509_CRL, obj: #[const_ptr_if(any(ossl110, libressl280))] ASN1_OBJECT, lastpos: c_int) -> c_int; + pub fn X509_CRL_get_ext_by_critical(x: #[const_ptr_if(any(ossl110, libressl280))] X509_CRL, crit: c_int, lastpos: c_int) -> c_int; + pub fn X509_CRL_get_ext(x: #[const_ptr_if(any(ossl110, libressl280))] X509_CRL, loc: c_int) -> *mut X509_EXTENSION; + pub fn X509_CRL_get_ext_d2i( + x: #[const_ptr_if(any(ossl110, libressl280))] ::X509_CRL, + nid: c_int, + crit: *mut c_int, + idx: *mut c_int, + ) -> *mut c_void; + // in X509_REVOKED + pub fn X509_REVOKED_get_ext_count(x: #[const_ptr_if(any(ossl110, libressl280))] X509_REVOKED) -> c_int; + pub fn X509_REVOKED_get_ext_by_NID(x: #[const_ptr_if(any(ossl110, libressl280))] X509_REVOKED, nid: c_int, lastpos: c_int) -> c_int; + pub fn X509_REVOKED_get_ext_by_OBJ(x: #[const_ptr_if(any(ossl110, libressl280))] X509_REVOKED, obj: #[const_ptr_if(any(ossl110, libressl280))] ASN1_OBJECT, lastpos: c_int) -> c_int; + pub fn X509_REVOKED_get_ext_by_critical(x: #[const_ptr_if(any(ossl110, libressl280))] X509_REVOKED, crit: c_int, lastpos: c_int) -> c_int; + pub fn X509_REVOKED_get_ext(x: #[const_ptr_if(any(ossl110, libressl280))] X509_REVOKED, loc: c_int) -> *mut X509_EXTENSION; + pub fn X509_REVOKED_get_ext_d2i( + x: #[const_ptr_if(any(ossl110, libressl280))] ::X509_REVOKED, + nid: c_int, + crit: *mut c_int, + idx: *mut c_int, + ) -> *mut c_void; + // X509_EXTENSION stack + pub fn X509v3_get_ext_by_OBJ(x: *const stack_st_X509_EXTENSION, obj: #[const_ptr_if(any(ossl110, libressl280))] ASN1_OBJECT, lastpos: c_int) -> c_int; + // X509_EXTENSION itself + pub fn X509_EXTENSION_create_by_OBJ(ex: *mut *mut X509_EXTENSION, obj: #[const_ptr_if(any(ossl110, libressl280))] ASN1_OBJECT, crit: c_int, data: *mut ASN1_OCTET_STRING) -> *mut X509_EXTENSION; + pub fn X509_EXTENSION_set_object(ex: *mut X509_EXTENSION, obj: #[const_ptr_if(any(ossl110, libressl280))] ASN1_OBJECT) -> c_int; + pub fn X509_EXTENSION_get_critical(ex: #[const_ptr_if(any(ossl110, libressl280))] X509_EXTENSION) -> c_int; } } diff --git a/openssl-sys/src/x509v3.rs b/openssl-sys/src/x509v3.rs index e93bc446cc..8ab6a53155 100644 --- a/openssl-sys/src/x509v3.rs +++ b/openssl-sys/src/x509v3.rs @@ -51,37 +51,20 @@ pub const X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS: c_uint = 0x10; #[cfg(ossl110)] pub const X509_CHECK_FLAG_NEVER_CHECK_SUBJECT: c_uint = 0x20; -cfg_if! { - if #[cfg(any(ossl110, libressl280))] { - extern "C" { - pub fn X509V3_EXT_nconf_nid( - conf: *mut CONF, - ctx: *mut X509V3_CTX, - ext_nid: c_int, - value: *const c_char, - ) -> *mut X509_EXTENSION; - pub fn X509V3_EXT_nconf( - conf: *mut CONF, - ctx: *mut X509V3_CTX, - name: *const c_char, - value: *const c_char, - ) -> *mut X509_EXTENSION; - } - } else { - extern "C" { - pub fn X509V3_EXT_nconf_nid( - conf: *mut CONF, - ctx: *mut X509V3_CTX, - ext_nid: c_int, - value: *mut c_char, - ) -> *mut X509_EXTENSION; - pub fn X509V3_EXT_nconf( - conf: *mut CONF, - ctx: *mut X509V3_CTX, - name: *mut c_char, - value: *mut c_char, - ) -> *mut X509_EXTENSION; - } +const_ptr_api! { + extern "C" { + pub fn X509V3_EXT_nconf_nid( + conf: *mut CONF, + ctx: *mut X509V3_CTX, + ext_nid: c_int, + value: #[const_ptr_if(any(ossl110, libressl280))] c_char, + ) -> *mut X509_EXTENSION; + pub fn X509V3_EXT_nconf( + conf: *mut CONF, + ctx: *mut X509V3_CTX, + name: #[const_ptr_if(any(ossl110, libressl280))] c_char, + value: #[const_ptr_if(any(ossl110, libressl280))] c_char, + ) -> *mut X509_EXTENSION; } } @@ -103,27 +86,15 @@ extern "C" { pub fn X509_get1_ocsp(x: *mut X509) -> *mut stack_st_OPENSSL_STRING; } -cfg_if! { - if #[cfg(any(ossl110, libressl280))] { - extern "C" { - pub fn X509V3_get_d2i( - x: *const stack_st_X509_EXTENSION, - nid: c_int, - crit: *mut c_int, - idx: *mut c_int, - ) -> *mut c_void; - pub fn X509V3_extensions_print(out: *mut BIO, title: *const c_char, exts: *const stack_st_X509_EXTENSION, flag: c_ulong, indent: c_int) -> c_int; - } - } else { - extern "C" { - pub fn X509V3_get_d2i( - x: *mut stack_st_X509_EXTENSION, - nid: c_int, - crit: *mut c_int, - idx: *mut c_int, - ) -> *mut c_void; - pub fn X509V3_extensions_print(out: *mut BIO, title: *mut c_char, exts: *mut stack_st_X509_EXTENSION, flag: c_ulong, indent: c_int) -> c_int; - } +const_ptr_api! { + extern "C" { + pub fn X509V3_get_d2i( + x: #[const_ptr_if(any(ossl110, libressl280))] stack_st_X509_EXTENSION, + nid: c_int, + crit: *mut c_int, + idx: *mut c_int, + ) -> *mut c_void; + pub fn X509V3_extensions_print(out: *mut BIO, title: #[const_ptr_if(any(ossl110, libressl280))] c_char, exts: #[const_ptr_if(any(ossl110, libressl280))] stack_st_X509_EXTENSION, flag: c_ulong, indent: c_int) -> c_int; } } From 1dbeb8cbd22a12415e72d42d5f74b884af66950b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stefan=20B=C3=BChler?= Date: Sun, 25 Oct 2020 12:24:47 +0100 Subject: [PATCH 21/23] fixed recursion_limit for openssl-sys so it also compiles on rust 1.31; also same limit as used by systest/ctest. --- openssl-sys/src/lib.rs | 1 + 1 file changed, 1 insertion(+) diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index 55964be23c..8bcc02f047 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -9,6 +9,7 @@ unused_imports )] #![doc(html_root_url = "https://docs.rs/openssl-sys/0.9")] +#![recursion_limit = "128"] // configure fixed limit across all rust versions extern crate libc; From 172173228ebc131175dc4451e105fb775bf990c7 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Sun, 25 Oct 2020 08:04:27 -0400 Subject: [PATCH 22/23] Upgrade CI macos version --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index dc938cf2b2..578caf00d7 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -177,7 +177,7 @@ jobs: type: string default: 1.33.0 macos: - xcode: "9.0" + xcode: "12.2.0" environment: RUST_BACKTRACE: 1 steps: From 39ff35148e7bde04be3e1d81c84399637e718567 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Sun, 25 Oct 2020 08:06:13 -0400 Subject: [PATCH 23/23] Update config.yml --- .circleci/config.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 578caf00d7..d00bb069b2 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -182,8 +182,6 @@ jobs: RUST_BACKTRACE: 1 steps: - checkout - - run: sudo mkdir /opt - - run: sudo chown -R $USER /usr/local/ /opt - run: curl https://sh.rustup.rs -sSf | sh -s -- -y --default-toolchain << parameters.image >> - run: sudo ln -s ~/.cargo/bin/* /usr/local/bin - run: cargo generate-lockfile